SPEAKERS

We have a great a line up of speakers and talks for the conference.

This page will be updated with more details of the speakers and talks.

Dr Andrew Jones, System Architect, Arm

Presentation: Threat Modelling & Security Analysis For IoT

Among the most critical tasks in developing secure device is designing platforms with robust countermeasures for identified threats. Andrew will give an overview of Arm’s Platform Security Architecture and how threat modelling can be performed to identify and mitigate attacks.

Dr Andrew Jones is the Arm architect focused on future systems design of IoT and embedded automotive systems. Andrew is a veteran system architect having previously worked at the University of Bristol, and several microelectronics companies in the UK and US. He has managed the specification of dozens of successful chips and is the holder of over 50 patents. Andrew Jones is the author of a book on network design and of a number of publications focused on system on chip architectures.

Tony Gee, Associate Partner, Pen Test Partners

Presentation: Blockchain, does it fix everything? Hacking the IoT to break blockchain!

As we march ever closer to a world of IoT and the irrefutability of the ledger, we are now seeing companies looking to implement blockchain technology, however, as with the early IoT, organisations are rushing to make the same mistakes. This talk will look at what we learnt from hacking the IoT, including demonstrating some new compromises and show how we can apply this to attacking blockchain and the devices used to interact with it.

Tony has over 13 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor.

Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime and key payment systems. Tony is able to illustrate and demonstrate critical issues in these systems in a way the audiences of all levels can understand. He has spoken at PCI events in Europe and Asia, at the SC Congress in London, technical conferences such as BSides and many other partner events, including speaking at the US Congress, European Central Bank and the European Parliament.

Stuart Traynor, Solutions Architect, Cisco

Presentation: Evolution of factory security for Industry 4.0

The digitisation of manufacturing, or Industry 4.0 as it is commonly known, is driving manufacturing organisations to rapidly adopt new technologies including, Robotics, Industrial IoT, Mobility, Collaboration and Analytics to help drive efficiency within their processes. Unfortunately, more devices and connections also open the door to new cyber-security risks, and previous generations of industrial control systems were not conceived with security or the IP connectivity needed in mind.

Traditional guidance to create air gapped and siloed networks is no longer relevant in today’s world which needs to make use of the data generated on the factory floor. This session looks to explore how cyber-security is evolving in order to allow organisations to effectively adopt Industry 4.0 whilst maintaining the required level of security. It will discuss two case studies (large enterprise and SMB) to explore the different challenges and approaches required to evolve security in the manufacturing environment.

Stuart is Solutions Architect within Cisco UKI Technology Office with a focus on working with  manufacturing customers as they look move towards Industry 4.0

Ivan Reedman, Global Hardware Security Capability Development Lead,  X-Force Red, IBM

Presentation: El3ctro-hackery

Ivan will talk about common techniques used during hacking of embedded systems from simple signal interception to side channel attacks including a deeper look at early exit comparisons and the risks they pose. Moving to simple advice for engineers/designers and project managers to help design securely rather than retrospectively plugging security holes all as common sense advice.

With more a 30 years in research and development, and in excess of 8 years in offensive hardware tool development, Ivan Reedman (aka ToyM4ker) brings with him deep hardware design and development experience, from switching power supplies through to complex embedded systems.

Keen to share his knowledge, Ivan provides hardware capability development thought leadership and innovation for his team and works with clients in assessment, design consultancy and training capacities with respect to hardware security.

Having discovered a number of silicon level vulnerabilities present in millions of IoT products from large Silicon Valley vendors, developed a working proof of concept generic IoT platform to demonstrate the design flaw and presented this material at a number of security conferences, Ivan works to find un-patchable hardware vulnerabilities in order to help convey the importance of secure by design applying to hardware as well as all other aspects of the design life cycle.

Dan Craddock, Cyber Security Project and Policy Manager, Department for Digital, Culture, Media and Sport (DCMS)

Presentation: The UK Government's approach for tackling insecurity in consumer IoT devices 

Dan will give an overview of the UK Government's ongoing work to tackle insecurity in IoT devices. The talk will include a detailed look at the recently published Code of Practice for Consumer IoT and other outputs including mapping, consumer guidance and the response to the informal consultation following the March 2018 publication of the Secure by Design report. Dan will also give an overview of the next steps for this policy area and outline how the UK Government is working closely with manufacturers to improve the security of IoT devices.

Dan Craddock is a Policy Advisor in the Secure by Design Team at the Department for Digital, Culture, Media and Sport. He is currently leading on stakeholder engagement and driving manufacturer uptake of the UK's Code of Practice for Consumer IoT.

Tim Snape, Head of Security - IoT,  Vodafone Group Enterprise Technology

Presentation: IoT saves lives – An alternative view of IoT security

With increasing adoption of IoT in all industry sectors, security professionals continue to focus on the risks introduced by this revolutionary technology. In this session, Tim will share the view from a mobile operator perspective and explore the safety, privacy and security aspects of IoT, as it continues to be embedded in more of the technology we use on a daily basis.

Cellular technology provides a range of opportunities for organisations to leverage IoT. You will hear from Tim about how IoT is being used to transform the automotive industry, to provide customers with new levels of safety and convenience, while addressing the issues, including:

  • securing IoT devices
  • managing IoT complexity
  • protecting customer information

Philippe Hougardy, Senior Business Development Manager,  IoT Solutions, Amazon Web Services (AWS)

Presentation: How AWS oversees IoT and provide security solutions in a multi-dimensional environment

AWS provides a wide range of cloud services and IoT is a part of the offer. Whereas it is very difficult to provide an end to end IoT solution, AWS IoT solution had always been build with security in mind

Before joining AWS, Philippe worked for ISV and telco operators for 20 years involved in Fintech SaaS services and security solutions for Financial Services Industry. He was also involved at the initiative of the conception and deployment of Luxembourg smart city project, a public / private wide area wifi network, loaded with IoT services to enrich the city experience.

Rob Dobson - Director, Device Authority

Presentation: Keeping Patients Alive: A Secure Internet of Medical Things

Experts predicted that like the Internet, the Internet of Things (IoT) too is going to be a part of our everyday life. With an increasing number of medical devices connecting to the Internet, the idea of a connected healthcare sphere becomes more interesting. Several software, service, and product companies are showing interest in connecting devices with a view to make their primary product or service more achievable.

IoT medical devices provide many benefits for different stakeholders, most notably improved healthcare for patients, efficiency and cost savings for the manufacturer and real time monitoring for healthcare professionals. However, there are risks associated with connecting medical devices to the Internet. The good news is there are ways to mitigate them, which will be addressed in this session.

The session will include:

  • Introduction to IoT medical devices: benefits, concerns and risks
  • Common security challenges
  • How to secure a connected / IoT medical device

 

Rob has over 25 years of experience in industry, with a wide range of expertise across cybersecurity, IoT, SaaS, Semiconductors and Software engineering. He has been involved in several successful start-ups. Rob helps customers architect and deploy successful IoT solutions with the security they need and is also well known for speaking at various events around the world on IoT Security across many markets, most prominently Industrial & Medical/Healthcare.

Roger Shepherd, Ambassador,  IoT Security Foundation

Presentation: Using the IoTSF’s Security Compliance Framework to improve the security of your IoT products and systems

This talk looks at the IoT Security Foundation’s "Security Compliance Framework" and how to use it to help improve the security of IoT products and systems. The IoT IoTSF is a collaborative, non-profit, international organisation formed in response to the complex challenges posed by security in the connected world of the Internet of Things. Amongst other activities, the IoTSF has developed Best Practice Guides and a Security Compliance Framework.

Roger Shepherd, Managing Director, Chipless Ltd, has worked in the electronics industry for 38 years. He joined UK semiconductor start-up Inmos in 1979 where he was part of the team who designed the Inmos transputer. Subsequently he has worked across a wide range of hardware, software and embedded system technologies. In 2014 he set up Chipless Ltd, which provides consultancy in system design and security. In October 2015 Chipless became a founding member of the IoT Security Foundation. During 2016 Roger spent six months as CTO of cyber security venture Lujam

Tuukka Laurikainen, ICS Solutions Architect, Representing the Industrial Internet Consortium

Presentation: How to avoid being an idIoT by using the Industrial Internet Consortium’s Security Framework

A review of some of the incidents that have occurred in the IoT world, considering the proposals made by the IIC IIoT security framework that would have avoided the catastrophe.

During the talk we will introduce the IIoT security framework and give a series of recommendations on how to carry out a secure development and management of IoT systems.

Tuukka Laurikainen, specialised in networking and security and more than 15 years of experience in information technology in different sectors and roles. Highly skilled in problem solving and technical architectures, he started his career in the health sector in Finland after operating BBS systems and pre-email messaging exchange. Since then and for more than 10 years he has been doing technical consulting in Spain for both national and international customers ranging from automotive and manufacturing to banking and public sector.

Currently Tuukka is an ICS Solutions Architect at Titanium Industrial Security, where he is helping industrial enterprises address the changing needs in the industry and to secure their most important assets.

Tom Gaffney, Principal Consultant, F-Secure

Presentation: Not so Smart devices. IoT threats, examples, actors and mitigation

Tom's talk will review the dark side of the explosion in number of connected devices within our homes, businesses and critical infrastructure.

The session will include:

  • Examples of the diverse risks facing “smart" devices, from power stations to consumer goods, core networking kit and even hotel key cards
  • The threat actors responsible and their motivations
  • Mitigation factors in design and how consumers and businesses can protect themselves

Tom has been in technology for 20 years and in security for 15. Currently at F-Secure where he runs the technical engineering teams who serve Internet Service Providers and is the technical face of F-Secure in the UK for media. Interested in security (of course) and privacy and runs secure ops and privacy sessions for NGO’s.”

Stephan Noller, CEO & Co-Founder, ubirch

Presentation: Making IoT Security Pervasive with Blockchain and Cryptography

ubirch has developed a solution, that uses Blockchain-Technology and ECC-Cryptography to secure IoT device data in a new way. Instead of focussing on the security of the device itself or the transmission channel the ubirch solution adds security credentials to every single measurement of an IoT sensor. This digital signature can then be used by everyone who receives the data, even if he does not operate the sensor or the device. The data can always be checked for integrity and provenance, even years later and if the data has travelled a lot. This changes how IoT data from industrial production can be used for connected production, but it is also a game-changer for parametric insurances.

Stephan Noller, Psychologist and Serial Entrepeneur from Cologne, Germany. Developed the first machine learning based audience measurement system for the german advertisting market, known as „internet facts“ and still in use. Founder and CEO of targeting specialist nugg.ad AG in Berlin, european market leader for predictive targeting, sold to Deutsche Post and later Zalando AG. Chairman of the policy committee at IAB Europe in Brussels, negotiated self-regulation for online advertising across all european markets with the commission. Member of the advisory board of the german ministry of economics, vice-chairman of german association for the digital industry bvdw with a focus on IoT and digital transformation. Founder of Calliope mini, a non-profit initiative to bring digital education to first grade kids. Since 2015 founder and CEO of ubirch GmbH, a company that offers the "Blockchain for Things", a secure stack to link things to the cloud by using cryptography and blockchain technology, recently awarded as "cool vendor" by Gartner.

Prof. Gareth Howells, Founder, Director and Chief Technology Officer, Metrarc

Presentation: ICMetrics: A keyless security platform for IoT

Metrarc Ltd. has developed a ground-breaking security technology based on the derivation of encryption keys directly from the properties of IoT devices. Established encryption systems have an inherent weakness that the keys that are used to encrypt and decrypt data are stored and therefore if found can be abused. Metrarc have developed ICMetrics, which derives a stable encryption key from potentially varying features of an IoT device, subsequently discarding it without storing either it or any reference templates underlying its generation. The lack of templates and stored keys ensures much greater security then alternative approaches.

Prof. Gareth Howells is a Founder, Director and Chief Technology Officer of Metrarc Ltd and holds a Chair in Secure Electronic Systems at the University of Kent. He has been involved in research areas relating to security technology for over 30 years and has been instrumental in the development of novel technologies for device authentication. He has published over 200 papers in the technical literature, co-editing two books and contributing to several other edited publications.

Robin Kennedy - Cyber Security, Knowledge Transfer Network (KTN)

Presentation: CyberASAP - Commercialising UK Academic Ideas

The Cyber Security Academic Startup Accelerator Programme is delivered by KTN in partnership with DCMS and InnovateUK.

Robin will give an introduction to the programme followed by presentation pitches from some of the current cohort.

Robin Kennedy is Knowledge Transfer Manager for Cyber Security/ Personal Data & Trust at the Knowledge Transfer Network (KTN)